Looking at Microsoft Security from a Developer’s Perspective

Back in 2011 when Office 365 first came out, I thought that Independent Software Vendors (ISVs) and Microsoft Partners selling their products would have a hard time integrating their solutions. This was not only due to Office 365 offering a completely new architectural and technological approach, but also in terms of providing security in the cloud. As it turned out, I couldn’t have been more wrong…

Today, Azure and Office 365 open up a whole world of possibilities and tools for ISVs. They allow developers to easily create robust cloud infrastructures to host applications and seamlessly integrate with Microsoft cloud solutions, all while maintaining the highest level of security. With Gold competency in App Development and Silver competency in Small/Midmarket Cloud Solutions, we have experienced it firsthand as a Microsoft partner delivering solutions for Office 365 and Exchange to over 57,000 businesses and partners around the world.

Here’s a quick overview of what you can expect in terms of security and development tools as a Microsoft partner.

Azure and Office 365 Make it Easy for Developers

Just a few years ago, if you wanted to host your solutions for your clients, you had to invest a lot of money to build your own on-premises infrastructure with multiple servers for apps and databases. You were totally on your own in terms of providing security, maintenance, network infrastructure, high availability, and so on. You also had to combine systems of multiple external providers and constantly struggle with incompatibility issues. When Microsoft Azure and Office 365 kicked in, all these problems took a hike.

Azure is the only ecosystem that combines everything that you need to develop modern cloud applications. It also lets you automatically test your programs and deliver them to your clients and partners in no time. Azure is fully integrated with other Microsoft development tools and with Office 365, and it gives vendors like us a chance to create anything from the network layer to the data layer, to the user interface. Moreover, since everything can be managed from one control panel, there is no need to use multiple external systems.

More importantly, Azure and Office 365 provide modern APIs. These APIs enable other applications to communicate and integrate with Microsoft cloud solutions, whether to provide additional features or to automate processes, and they offer a high level of security thanks to token-based authentication (OAuth 2.0). OAuth 2.0 allows third-party applications developed by Microsoft partners to securely use Office 365 users’ information without exposing user credentials or any other sensitive information.

That’s why we, as a vendor, decided to start transitioning our on-premises applications to the cloud and using the benefits of Azure and Office 365. One of these benefits is DevChat, which allows partners to speak to a Microsoft engineer about development and deployment of their Azure and Office 365 solutions.

Secure and Fast Authentication

We quickly realized that OAuth 2.0 combined with the powerful Microsoft Graph API gives us an almost ready-made authorization infrastructure for our clients and partners by leveraging the same secure authentication structures that Microsoft itself uses in Azure and Office 365.

Without it, users would have to create separate accounts for each and every service and cloud application they need to use. Using Microsoft’s user management infrastructure not only saves time, but it is also more secure as far as user account and password protection management are concerned.

Now OAuth 2.0 and the Graph API let our clients and partners use their Microsoft accounts to log in to Microsoft services as well as to applications developed by us.

Open Authentication Builds Customer Trust

OAuth 2.0 is not only convenient for the user but it’s also very secure. Every user knows exactly what resources their applications want to have access to, and can revoke this access at any time.

Furthermore, our applications do not have to read or store user credentials anywhere as they only use opaque and digitally signed access tokens generated by Microsoft’s trusted OAuth servers. The tokens themselves are just strings of characters that cannot be understood or decoded by anyone but Microsoft.

When users log in using their Microsoft account credentials, it’s Microsoft who verifies their identity and who provides the access tokens. All of this makes token-based authentication very secure and simple at the same time.
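The sign-in described above, where Microsoft verifies the user and the application only ever handles a code and tokens, corresponds to the OAuth 2.0 authorization code flow with PKCE. The following Python sketch is an added example, not code from the original post or from Microsoft: it builds the redirect to the Microsoft identity platform, validates the reply, and shows that no password appears in anything the application sends. The function names, the all-zero client ID and the `app.example` redirect URI used with it are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Microsoft identity platform v2.0 authorize endpoint ("common" = any account type).
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

def s256(verifier):
    """PKCE S256 transform (RFC 7636): base64url(SHA-256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def pkce_pair():
    """Fresh per-login secret; only its hash travels through the browser."""
    verifier = secrets.token_urlsafe(64)  # 86 characters, inside the 43-128 limit
    return verifier, s256(verifier)

def build_authorize_url(client_id, redirect_uri, scopes, state, challenge):
    """Where the browser is sent: Microsoft asks for the password and consent."""
    return AUTHORIZE_URL + "?" + urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # what the consent screen lists
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })

def handle_callback(callback_url, expected_state):
    """Return the one-time authorization code, or raise if the reply is not ours."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: reply does not belong to this login")
    if "error" in params:  # e.g. access_denied when the user declines consent
        raise PermissionError(params["error"][0])
    if "code" not in params:
        raise ValueError("no authorization code in reply")
    return params["code"][0]

def token_request_fields(client_id, redirect_uri, code, verifier):
    """Form fields posted to the token endpoint: a code and verifier, no password."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,
    }
```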

Role-Based Access Control Protects Applications

Reading this, you might be tempted to ask who protects our data. Since our applications are also hosted in the cloud, we need to prevent unauthorized access and limit access to only select members of our team. Microsoft Azure makes it simple for us to control and restrict access to our applications thanks to Role-Based Access Control, also referred to as the role-based security approach.

Every resource in the Azure infrastructure is by default protected by this nondiscretionary access control mechanism integrated with our Microsoft Azure Active Directory (Azure AD) accounts. All of this allows us to create a small group of users (employees) who can access the application. But we can also divide them into subgroups who can access, view, or edit only select parts of the application. This way each member of the team can monitor or manage only the part of the application that they are responsible for.

The Rise of Multi-Factor Authentication

Let’s not forget about Multi-Factor Authentication (MFA)! Almost every internet user has been asked at least once to confirm their identity by providing more than one piece of evidence, e.g. their account credentials and an additional code sent to a mobile device – that’s MFA.

Microsoft cloud solutions offer MFA for both users and developers, so we also leverage this technology internally to provide the highest level of security, making it impossible to access our resources even if account passwords were stolen.

Azure’s SLA is our SLA

A Service Level Agreement (SLA) guarantees a certain level of uptime for a service you are using. For Microsoft Azure, the SLA is around 99.9%. This means that if our applications are hosted on Azure, we can guarantee a similar level of uptime. For example, our email signature management solution for Office 365 currently has an SLA level of 99.93%.

The Key Takeaway

No matter whether you are a huge ISV software house or a one-man-army developer working from your attic, Microsoft technology gives you all you need to create and deliver powerful and secure cloud applications that you can sell worldwide. The security built into the Microsoft stack absolutely has you covered.

We think your commitment to our products and platform should be rewarded, which is why Microsoft GTM Services will expand and grow with your usage of Microsoft technology. Learn more about Microsoft Go-To-Market services.

Are you an ISV building apps on the Microsoft stack? How has a partnership with Microsoft helped you build customer trust? Share your thoughts in the comments below.